HIPAA Checklist

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to establish national standards for protecting the privacy, security, and confidentiality of individuals’ health information. As part of HIPAA compliance, covered entities and business associates are required to implement certain administrative, physical, and technical safeguards to protect patients’ health information. One critical aspect of HIPAA compliance is completing HIPAA compliance forms.

This webpage provides an overview of the most important forms that organizations need to complete to ensure HIPAA compliance.

Notice of Privacy Practices

The Notice of Privacy Practices (NPP) is a form that covered entities must provide to their patients upon joining and whenever the policy changes. The NPP informs patients about how their health information will be used and disclosed, as well as the patient’s rights with respect to their health information. The NPP must include details such as the types of uses and disclosures that the covered entity can make, the patient’s rights to access and amend their health information, and the covered entity’s policies and procedures regarding the use of that health information.

HIPAA Privacy Rule Checklist

The HIPAA Privacy Policy is a written document that outlines the covered entity’s policies and procedures for protecting patients’ privacy rights. It should include how the covered entity uses, discloses, and safeguards protected health information (PHI) and patients’ rights to access and amend their PHI. The Privacy Policy should be reviewed and updated regularly to ensure that it reflects any changes to HIPAA regulations or the covered entity’s practices.

HIPAA Security Rule Checklist

The HIPAA Security checklist comprehensively reviews the covered entity’s administrative, physical, and technical safeguards to protect PHI. The assessment should identify potential risks to the confidentiality, integrity, and availability of PHI, as well as any vulnerabilities that hackers or unauthorized individuals could exploit. The Security Risk Assessment should be performed annually or whenever significant changes occur in the covered entity’s technology, processes, or personnel.

Implementing Patient’s Right to Access Their PHI (Checklist)

Implementing a patient's right to access their PHI is an important part of HIPAA compliance. Covered entities must provide patients with timely access to the information they request in a manner that is convenient and cost-effective. Patients should be able to view, download, or receive copies of their PHI upon request. The covered entity should also provide the patient with an explanation of any codes or abbreviations used in the PHI.

HIPAA compliance forms and checklists are critical components of a covered entity’s compliance program. By completing these forms and checklists, covered entities can ensure that they have implemented the necessary administrative, physical, and technical safeguards to protect PHI and comply with HIPAA regulations. Covered entities should regularly review and update their HIPAA compliance forms and checklists to reflect changes in HIPAA regulations or the covered entity’s practices.